Sluggish computer: does the fault lie in what the log shows?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:56:43, on 2008-11-23

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [google.com/ie]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [google.com]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [http]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [go.microsoft.com/fwlink/?LinkId=69157]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [go.microsoft.com/fwlink/?LinkId=54896]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [go.microsoft.com/fwlink/?LinkId=54896]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [go.microsoft.com/fwlink/?LinkId=69157]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll

O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider ‘c:\program files\bonjour\mdnsnsp.dll’ missing

O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - [67.15.101.33/g_bin/pl/cards_2_0_0_77.cab]

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe

O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

End of file - 7611 bytes

I don't see anything in the log.

Post a ComboFix log.

Here is the log:

ComboFix 08-11-22.02 - Administrator 2008-11-23 11:34:01.1 - NTFSx86

Uruchomiony z: e:\chomiki\ComboFix.exe

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA!!

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator\Dane aplikacji\inst.exe

.

((((((((((((((((((((((((( Pliki utworzone od 2008-10-23 do 2008-11-23 )))))))))))))))))))))))))))))))

.

2008-11-23 10:10 . 2008-11-23 10:10

2008-11-23 10:10 . 2008-11-23 10:21

2008-11-23 09:45 . 2008-11-23 09:45

2008-11-23 09:45 . 2008-11-23 09:45

2008-11-23 09:45 . 2008-11-23 09:45

2008-11-23 09:45 . 2008-11-23 09:45

2008-11-23 09:44 . 2008-11-23 09:44

2008-11-22 17:38 . 2008-11-22 17:39

2008-11-15 22:32 . 2008-11-15 22:32

2008-11-12 23:05 . 2008-11-12 23:05

2008-11-12 11:49 . 2008-11-12 11:49

2008-11-12 11:47 . 2008-11-12 11:47

2008-11-12 11:47 . 2008-11-12 11:47

2008-11-12 09:52 . 2008-11-12 09:52

2008-11-12 09:32 . 2008-11-12 09:32

2008-11-12 09:32 . 2005-02-09 11:44 22,528 --a------ c:\windows\exeshl.dll

2008-11-12 09:32 . 2008-11-12 11:49 9,719 --a------ c:\windows\KIDS COLOURING BOOK 2006.LIC

2008-11-12 09:32 . 2008-11-12 11:49 109 --a------ c:\windows\netctrl.ini

2008-11-12 08:34 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-12 08:34 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-10 11:11 . 2008-11-10 11:12

2008-11-07 14:08 . 2008-11-07 14:08

2008-11-07 14:08 . 2008-02-01 14:00 21,760 --a------ c:\windows\system32\drivers\lgusbmodem.sys

2008-11-07 14:08 . 2008-02-01 14:00 12,672 --a------ c:\windows\system32\drivers\lgusbbus.sys

2008-11-07 14:07 . 2008-11-07 14:11

2008-11-07 14:07 . 2008-11-07 14:10

2008-11-07 14:07 . 2008-01-14 17:48 1,703,936 --a------ c:\windows\system32\gdiplus.dll

2008-11-07 14:07 . 2007-11-08 16:26 1,164,728 --a------ c:\windows\system32\NMSDVDXU.dll

2008-11-07 14:07 . 2007-11-21 14:27 591,872 --a------ c:\windows\system32\AlbumDisplay.ocx

2008-11-07 14:07 . 2005-09-26 22:55 419,240 --a------ c:\windows\system32\Vsflex7L.ocx

2008-11-07 14:07 . 2000-05-22 00:00 244,416 --a------ c:\windows\system32\Msflxgrd.ocx

2008-10-26 07:14 . 2008-10-26 07:14

2008-10-26 07:06 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll

2008-10-26 07:06 . 2007-10-12 15:14 3,734,536 --a------ c:\windows\system32\d3dx9_36.dll

2008-10-26 07:06 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll

2008-10-26 07:06 . 2007-10-12 15:14 1,374,232 --a------ c:\windows\system32\D3DCompiler_36.dll

2008-10-26 07:06 . 2008-03-05 16:03 479,752 --a------ c:\windows\system32\XAudio2_0.dll

2008-10-26 07:06 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll

2008-10-26 07:06 . 2007-10-02 09:56 444,776 --a------ c:\windows\system32\d3dx10_36.dll

2008-10-26 07:06 . 2007-10-22 03:39 267,272 --a------ c:\windows\system32\xactengine2_10.dll

2008-10-26 07:06 . 2007-07-20 00:57 267,112 --a------ c:\windows\system32\xactengine2_9.dll

2008-10-26 07:06 . 2008-03-05 16:03 238,088 --a------ c:\windows\system32\xactengine3_0.dll

2008-10-26 07:06 . 2008-03-05 16:00 25,608 --a------ c:\windows\system32\X3DAudio1_3.dll

2008-10-24 11:35 . 2008-10-15 17:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-23 10:05 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Skype

2008-11-23 09:05 --------- d-----w c:\program files\Common Files\Adobe

2008-11-23 07:22 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\skypePM

2008-11-22 17:25 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\GanymedeNet

2008-11-19 13:57 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Vso

2008-11-19 12:31 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Azureus

2008-11-19 11:35 --------- d-----w c:\program files\PeerGuardian2

2008-11-17 15:11 --------- d-----w c:\program files\Norton SystemWorks

2008-11-17 14:56 --------- d-----w c:\program files\Alwil Software

2008-11-17 14:47 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\avg8

2008-11-14 09:59 --------- d-----w c:\program files\NAPI-PROJEKT

2008-11-12 20:59 4,444 --sha-w c:\windows\system32\KGyGaAvL.sys

2008-11-12 20:59 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Corel

2008-11-07 13:08 --------- d--h--w c:\program files\InstallShield Installation Information

2008-11-05 22:24 --------- d-----w c:\program files\Real Alternative

2008-11-05 22:24 --------- d-----w c:\program files\QuickTime Alternative

2008-11-05 22:24 --------- d-----w c:\program files\hp deskjet 930c series

2008-11-05 22:24 --------- d-----w c:\program files\GameHouse

2008-11-05 22:24 --------- d-----w c:\program files\Combined Community Codec Pack

2008-11-05 22:24 --------- d-----w c:\program files\BFG

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-20 14:21 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\GameHouse

2008-10-19 16:18 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\7Wonders

2008-10-19 16:04 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Fitn17

2008-10-18 12:34 --------- d-----w c:\program files\AVG

2008-10-18 06:25 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\SPORE

2008-10-17 18:26 --------- d-----w c:\program files\Lavalys

2008-10-16 16:50 --------- d-----w c:\program files\Nowe Gadu-Gadu

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-15 19:49 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Genimo

2008-10-09 19:15 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Thinstall

2008-10-04 22:51 --------- d-----w c:\program files\Media Player Classic

2008-10-04 22:51 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Apple Computer

2008-10-04 22:22 --------- d-----w c:\program files\Zylom Games

2008-10-04 21:53 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Zylom

2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-24 08:30 --------- d-----w c:\program files\2MScreenSaver

2008-09-23 04:05 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Wildfire

2008-09-15 15:27 1,846,656 ----a-w c:\windows\system32\win32k.sys

2008-09-10 01:15 1,307,648 ------w c:\windows\system32\msxml6.dll

2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-09-03 14:56 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

2008-08-30 08:49 103,736 ----a-w c:\windows\system32\PnkBstrB.exe

2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll

2008-08-23 14:43 720,896 ----a-w c:\windows\iun6002.exe

2008-07-22 19:28 32,840 -c--a-w c:\documents and settings\Administrator\Dane aplikacji\GDIPFONTCACHEV1.DAT

2008-06-04 08:51 47,360 -c--a-w c:\documents and settings\Administrator\Dane aplikacji\pcouffin.sys

2008-06-04 08:48 87,608 ----a-w c:\documents and settings\Administrator\Dane aplikacji\ezpinst.exe

2008-04-01 16:21 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat

2008-03-22 11:41 22,328 -c--a-w c:\documents and settings\Administrator\Dane aplikacji\PnkBstrK.sys

2008-03-19 21:46 476,752 ----a-w c:\documents and settings\All Users\Dane aplikacji\pswi_preloaded.exe

2008-05-19 17:23 56 --sh--r c:\windows\system32\52B1EDF411.sys

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 81000]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 c:\windows\RTHDCPL.exe]

"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableChangePassword"= 0 (0x0)

"DisableLockWorkstation"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm

"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\WINDOWS\system32\sessmgr.exe"=

"c:\Program Files\Azureus\Azureus.exe"=

"c:\Program Files\Nowe Gadu-Gadu\gg.exe"=

"f:\Gry\Pekin2008\Beijing.exe"=

"%windir%\system32\sessmgr.exe"=

"c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"=

"c:\WINDOWS\Network Diagnostic\xpnetdiag.exe"=

"f:\Gry\Moto GP 08\Launcher.exe"=

"c:\Program Files\Sony Ericsson\Update Service\Update Service.exe"=

"c:\Program Files\Skype\Phone\Skype.exe"=

R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-05-18 55160]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-17 110160]

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 16:24:04 41456]

R2 acedrv11;acedrv11;\??\c:\windows\system32\drivers\acedrv11.sys [2008-01-23 501560]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-17 20560]

R2 PD91Agent;PD91Agent;"c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe" [2008-07-18 693512]

R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\DRIVERS\Cap713x.sys [2008-08-25 685952]

S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc []

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-08-21 13352]

S3 ovt530;USB PC CAMERA;c:\windows\system32\Drivers\ov530vid.sys [2006-04-10 173939]

S3 PD91Engine;PD91Engine;"c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe" [2008-07-18 910600]

S3 SIVDRIVER;SIV Kernel Driver;\??\c:\windows\system32\Drivers\SIVX32.sys [2008-03-25 48864]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\Shell\AutoRun\command - G:\autorun.exe

\Shell\readme\command - notepad readme.txt

\Shell\Setup\command - G:\install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\starter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f23120f8-241f-11dd-915b-0012254f40dd}]

\Shell\AutoRun\command - H:\EXPLORER.EXE

\Shell\explore\Command - H:\EXPLORER.EXE

\Shell\open\Command - H:\EXPLORER.EXE

*Newly Created Service* - PROCEXP90

.

Zawartość folderu ‘Zaplanowane zadania’

2008-11-14 c:\windows\Tasks\Funkcja One Button Checkup pakietu Norton SystemWorks.job

  • c:\program files\Norton SystemWorks\OBC.exe [2003-11-28 16:46]

2008-11-05 c:\windows\Tasks\Symantec Drmc.job

  • c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2003-09-10 03:48]

.

- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-Onet.pl AutoUpdate - c:\program files\Common Files\Onet.pl\AutoUpdate.exe

.

------- Skan uzupełniający -------

.

FireFox -: Profile - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\63asxfc6.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.wp.pl/

FF -: plugin - c:\documents and settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPCARDS.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npganymedenet.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-23 11:34:54

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"

.

Czas ukończenia: 2008-11-23 11:35:41

ComboFix-quarantined-files.txt 2008-11-23 10:35:16

Przed: 62 564 597 760 bajtów wolnych

Po: 62,648,188,928 bajtów wolnych

214 --- E O F --- 2008-11-12 22:07:09

Change to the rules for pasting logs on the forum - viewtopic.php?f=16&t=253052

Open Notepad and paste this into it:

Windows Registry Editor Version 5.00 


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

File >>> Save As >>> change the extension from TXT to All Files >>> save under the name FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart. Use - http://www.bezpieczenstwosystemow.pl/in … pic=1647.0

- Flash Disinfector

- BitDefender Pica Removal Tool

- PRT (Perlovga Removal Tool)

Please download and use Malwarebytes’ Anti-Malware.

Press Scan, select the drives to scan and Start the scan; at the end press Remove Selected, if there are any, and OK :wink: